Malicious PDF — malware analysis report

Static analysis result for SHA-256 30d9d78857ea360b…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2019-04-02 17:53:05 +03:00
Authoring application: PDFCreator Version 0.8.0 (via AFPL Ghostscript 8.14)
MD5: a0fdbc59a104e89f7efc116906e9b963
SHA-1: ce9c306bceed724a519d620384b766c2aca67f87
SHA-256: 30d9d78857ea360b99b4615c3c1126dcf7fd67660dd150c49d611cbeb89bea4c
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded external links, indicative of a link farm or SEO manipulation tactic. The document body is heavily obfuscated, preventing a clear understanding of its direct user-facing purpose. However, the sheer volume of links to seemingly unrelated PDF documents suggests an attempt to artificially inflate search engine rankings or redirect users to potentially harmful content hosted on the 'gorillawalker.com' domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.